That's what i get for replying too soon. It looks like your getting hit with the "last login" item that came up on the list in January. http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010020.html
James On Mon, Mar 5, 2018 at 12:09 PM, Piegorsch, Weylin William <wey...@bu.edu> wrote: > Thanks James. Except, I can get the login prompt fine, which means the > SSH cyphersuite negotiated well enough; and, I have no problems with any of > my other ASAs running various code versions between 8.3 and 9.7. See also > below. > > Weylin > > > > [rancid@rancid-server ~]$ egrep -B 7 "^add cypher" .cloginrc > > > > # > > # cryptographic cypher support for Nexus 9000 running 7.0(3)I2(1) and later > > # http://www.cisco.com/c/en/us/support/docs/switches/nexus- > 9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html > > # This also works fine for all other campus devices > > # 22 Sep 2015 > > # > > add cyphertype * {aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc, > aes192-cbc,aes256-cbc} > > [rancid@rancid-server ~] > > > > > > *From: *james machado <hvgeekwt...@gmail.com> > *Date: *Monday, March 5, 2018 at 12:18 PM > *To: *Weylin Piegorsch <wey...@bu.edu> > *Cc: *"rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net> > *Subject: *Re: [rancid] New Cisco ASA Login Failure > > > > This is due to changes in the supported encryption methods in the updated > IOS's and ASA softwares. in your .cloginrc you will want to add a line: > > > > add cyphertype <device> {encryption method} > > > > you can find an encryption method your systems are happy with by doing the > following: > > > > ssh -vv <device> > > [...] > > debug2: mac_setup: found hmac-sha1 > > debug1: kex: server->client aes128-ctr hmac-sha1 none > > debug2: mac_setup: found hmac-sha1 > > debug1: kex: client->server aes128ctr hmac-sha1 none > > [...] > > > > with my ASA's i use {aes256-ctr}. > > > > james > > > > > > On Mon, Mar 5, 2018 at 6:48 AM, Piegorsch, Weylin William <wey...@bu.edu> > wrote: > > Hello, > > > > I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 > version), that rancid’s not logging into properly. Clogincrc is set to > method {telnet ssh} because there’s a plethora of really really old devices > that hang when I try the other way around (and we haven’t been funded to > refresh them nor authorized to remove them). > > > > Here’s what rancid shows: > > > > [rancid@nsgv-prod-59 ~]$ rancid -V > > rancid 3.4.1 > > [rancid@nsgv-prod-59 ~]$ > > [rancid@nsgv-prod-59 ~]$ > > [rancid@nsgv-prod-59 ~]$ > > [rancid@nsgv-prod-59 ~]$ clogin xxxxxxxxxx > > xxxxxxxxxx > > spawn telnet xxxxxxxxxx > > Trying yyyyyyy... > > telnet: connect to address yyyyyyy: Connection refused > > spawn ssh -2 -c > aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc > -x -l rancid xxxxxxxxxx > > > > +------------------------------------+ > > | BOSTON UNIVERSITY | > > +------------------------------------+ > > | !! WARNING !! | > > | AUTHORIZED ACCESS ONLY! | > > | Access to this system is permitted | > > | for authorized persons only. All | > > | connections are logged and | > > | monitored. By accessing this | > > | system, you acknowledge that use | > > | of this and any other technology | > > | at Boston University is subject to | > > | the terms of the Boston University | > > | Conditions of Use and Policy on | > > | Computing Ethics; please see: | > > | http://www.bu.edu/computing/ethics | > > | for details. | > > +------------------------------------+ > > > > rancid@xxxxxxxxxx 's password: > > User rancid logged in to xxxxxxxxxx > > Logins over the last 2 days: 12. Last login: 08:39:20 EST Mar 5 2018 > from zzzzzzz > > Failed logins since the last login: 0. > > Type help or '?' for a list of available commands. > > xxxxxxxxxx/pri/act> rancid > > ^ > > ERROR: % Invalid input detected at '^' marker. > > xxxxxxxxxx/pri/act> en > > Error: Unrecognized command, check your enable command > > able > > Password: > > Password: > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss@shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > >
_______________________________________________ Rancid-discuss mailing list Rancid-discuss@shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss
